
Appl. No. 10/040,293 
Amdt. dated March 12, 2007 

Reply to Office Action of December 12, 2006 



This listing of claims replaces all prior versions, and 
listings of claims in the instant application: 



Listing of Claims: 



1. (Previously Presented) A method for managing 
identification in a data communications network, the method 
comprising: 

receiving a portable user-controlled secure storage 
device; 

enrolling a user of said portable user-controlled 
secure storage device with an authority network site, said 
enrolling comprising providing information requested by 
said authority network site; 

receiving user data in response to said enrolling; 

storing said user data in said portable user- 
controlled secure storage device; 

enabling said portable user-controlled secure storage 
device to release said user data; and 

using said user data, from said portable user- 
controlled secure storage device, at a service provider 
network site to obtain a service. 
2. (Previously Presented) A method for managing 
identification in a data communications network, the method 
comprising: 

receiving a portable user-controlled secure storage 
device; 

enrolling a user of said portable user-controlled 
secure storage device with an authority network site, said 
enrolling comprising providing information requested by 
said authority network site; 

receiving user data in response to said enrolling, 
said user data comprising a first portion and a second 
portion, said first portion comprising a cryptogram 
computed based on said second portion; 

storing said user data in said portable user- 
controlled secure storage device; 

enabling said portable user-controlled secure storage 
device to release said user data; and 

using said user data, from said portable user- 
controlled secure storage, at a service provider network 
site to obtain a service. 
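The scheme recited in claims 1 and 2, walked through as an added example (this is not code from the application or the applicant; the names, the HMAC-SHA256 cryptogram, the shared key between authority and service provider, and the PIN-based release are all assumptions chosen to make the steps concrete). The authority returns user data whose first portion is a cryptogram computed over the second portion; the portable device holds that data and releases it only after the user enables it; the service provider recomputes the cryptogram before granting the service, so an altered second portion or an unknown authority is refused.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: the authority and the service provider share a symmetric key,
# so the cryptogram is an HMAC-SHA256 over the second portion. A signature
# verified with the authority's public key would fill the same role.
AUTHORITY_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def canonical(obj) -> bytes:
    """Serialize deterministically so the cryptogram is computed over exactly
    the bytes the verifier will reconstruct."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class AuthoritySite:
    """Authority network site: enrolls a user and returns user data made of a
    cryptogram (first portion) over the enrolled attributes (second portion)."""

    def __init__(self, name: str, key: bytes, required_fields):
        self.name = name
        self._key = key
        self.required_fields = tuple(required_fields)

    def enroll(self, supplied: dict) -> dict:
        missing = [f for f in self.required_fields if f not in supplied]
        if missing:
            raise ValueError(f"enrollment incomplete, missing {missing}")
        second = {
            "authority": self.name,
            "attrs": {f: supplied[f] for f in self.required_fields},
            "enrollment_id": secrets.token_hex(8),  # unique per enrollment
        }
        first = hmac.new(self._key, canonical(second), hashlib.sha256).hexdigest()
        return {"first_portion": first, "second_portion": second}


class PortableSecureDevice:
    """User-controlled storage that releases data only after the user unlocks
    it with a PIN. (Plain hash compare here; a real token would enforce the
    PIN in hardware with a retry counter.)"""

    def __init__(self, pin: str):
        self._pin_digest = hashlib.sha256(pin.encode()).digest()
        self._slots: dict = {}
        self._unlocked = False

    def store(self, label: str, user_data: dict) -> None:
        self._slots[label] = user_data

    def unlock(self, pin: str) -> bool:
        candidate = hashlib.sha256(pin.encode()).digest()
        self._unlocked = hmac.compare_digest(candidate, self._pin_digest)
        return self._unlocked

    def release(self, label: str) -> dict:
        if not self._unlocked:
            raise PermissionError("device locked; user has not enabled release")
        return self._slots[label]


class ServiceProviderSite:
    """Grants the service only if the cryptogram verifies under the key of an
    authority this provider trusts."""

    def __init__(self, trusted_authorities: dict):
        self._trusted = trusted_authorities  # authority name -> key

    def obtain_service(self, user_data: dict):
        second = user_data["second_portion"]
        key = self._trusted.get(second.get("authority"))
        if key is None:
            return None  # unknown authority
        expected = hmac.new(key, canonical(second), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, user_data["first_portion"]):
            return None  # second portion altered, or cryptogram forged
        return f"service granted to {second['attrs']['name']}"


def locked_device_blocks_release() -> bool:
    """True if a device that was not unlocked refuses to release its data."""
    device = PortableSecureDevice("1234")
    device.store("x", {"first_portion": "", "second_portion": {}})
    device.unlock("0000")  # wrong PIN: device stays locked
    try:
        device.release("x")
    except PermissionError:
        return True
    return False


def run_flow(pin: str, unlock_with: str, tamper: bool = False):
    """The claimed steps end to end; returns the service result or None."""
    authority = AuthoritySite("dmv.example", AUTHORITY_KEY, ["name", "date_of_birth"])
    device = PortableSecureDevice(pin)                        # receiving the device
    user_data = authority.enroll(                             # enrolling; extra field is dropped
        {"name": "Alice Example", "date_of_birth": "1980-01-02", "shoe_size": "7"})
    device.store("dmv.example", user_data)                    # storing user data on the device
    if not device.unlock(unlock_with):                        # enabling release
        raise PermissionError("wrong PIN")
    released = device.release("dmv.example")
    if tamper:                                                # constructed attack: edit attributes
        released = json.loads(json.dumps(released))
        released["second_portion"]["attrs"]["date_of_birth"] = "2000-01-02"
    provider = ServiceProviderSite({"dmv.example": AUTHORITY_KEY})
    return provider.obtain_service(released)                  # using the data at the service provider


if __name__ == "__main__":
    print(run_flow("1234", "1234"))
```

The point worth checking in practice is that the cryptogram must cover every field the provider relies on, in a canonical encoding, and that the provider must know which authority's key to use before it trusts anything in the second portion.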



3. (Previously Presented) A method for managing 
identification in a data communications network, the method 
comprising: 

presenting an identity credential request and data to 
be stored to a federated identity server via a client 
host; 

receiving an identity credential in response to said 
identity credential request, said identity credential 
comprising a randomized ID and an identification authority 
ID, said federated identity server capable of verifying 
the truthfulness, accuracy and completeness of said data 
to be stored; 

presenting a service request and said identity 
credential to a service portal, said service portal 
configured to issue an authentication request to said 
federated identity server; 

receiving a logon credential in response to said 
service request, said login credential comprising an 
indication of the client host used by the user; and 

using said logon credential to obtain a service from 
a service provider accessible via said service portal. 
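The federated flow of claim 3, as an added example that is not part of the application (the identification register, the token formats, the host names and the decision to have the service provider ask the federated identity server to check the logon credential are all assumptions). The identity credential carries only a randomized ID and the authority ID, so the portal never sees the verified data; the logon credential records the client host, and a provider refuses a logon credential presented from a different host, which is the check that host binding buys.

```python
import secrets

# Constructed register the federated identity server checks submitted data
# against; stands in for whatever records a real identification authority holds.
AUTHORITATIVE_REGISTER = {
    "Alice Example": {"date_of_birth": "1980-01-02", "licence": "D1234567"},
}
REQUIRED_FIELDS = ("name", "date_of_birth", "licence")


class FederatedIdentityServer:
    def __init__(self, authority_id: str):
        self.authority_id = authority_id
        self._records = {}  # randomized ID -> stored data and enrolling host
        self._logons = {}   # logon token -> (randomized ID, client host)

    def _verify(self, data: dict) -> bool:
        """Completeness: every required field present. Truthfulness and
        accuracy: values match the register entry for the named person."""
        if any(f not in data for f in REQUIRED_FIELDS):
            return False
        entry = AUTHORITATIVE_REGISTER.get(data["name"])
        return entry is not None and all(entry[f] == data[f] for f in entry)

    def issue_identity_credential(self, data_to_store: dict, client_host: str):
        if not self._verify(data_to_store):
            return None
        randomized_id = secrets.token_urlsafe(16)  # unlinkable to name or licence
        self._records[randomized_id] = {"data": dict(data_to_store), "host": client_host}
        return {"randomized_id": randomized_id, "authority_id": self.authority_id}

    def authenticate(self, credential: dict, client_host: str):
        """Answer a portal's authentication request with a logon credential
        that names the client host the user is on."""
        if credential.get("authority_id") != self.authority_id:
            return None
        if credential.get("randomized_id") not in self._records:
            return None
        token = secrets.token_urlsafe(16)
        self._logons[token] = (credential["randomized_id"], client_host)
        return {"token": token, "client_host": client_host}

    def check_logon(self, logon: dict, presenting_host: str) -> bool:
        """Token must be known and the presenting host must be the one the
        logon credential was issued for (rejects replay from another host)."""
        entry = self._logons.get(logon.get("token"))
        return entry is not None and entry[1] == logon.get("client_host") == presenting_host


class ServiceProvider:
    def __init__(self, name: str, fis: FederatedIdentityServer):
        self.name, self.fis = name, fis

    def serve(self, logon: dict, client_host: str):
        if not self.fis.check_logon(logon, client_host):
            return None
        return f"{self.name}: access granted from {client_host}"


class ServicePortal:
    def __init__(self, fis: FederatedIdentityServer, providers: dict):
        self.fis = fis
        self.providers = providers  # provider name -> ServiceProvider

    def request_service(self, identity_credential: dict, client_host: str):
        # The portal sees only the randomized ID and authority ID and forwards
        # them to the federated identity server as an authentication request.
        return self.fis.authenticate(identity_credential, client_host)

    def use_service(self, provider_name: str, logon: dict, client_host: str):
        return self.providers[provider_name].serve(logon, client_host)


ALICE = {"name": "Alice Example", "date_of_birth": "1980-01-02", "licence": "D1234567"}


def credential_for(data: dict, client_host: str = "laptop-01"):
    """Identity credential a fresh server issues for the given data, or None."""
    return FederatedIdentityServer("dmv.example").issue_identity_credential(data, client_host)


def run_flow(replay_from: str = None):
    """Enroll, obtain a logon credential through the portal, then use it from
    the enrolling host (default) or, to show the host check, from another."""
    fis = FederatedIdentityServer("dmv.example")
    portal = ServicePortal(fis, {"renewal": ServiceProvider("renewal", fis)})
    host = "laptop-01"
    cred = fis.issue_identity_credential(ALICE, host)
    logon = portal.request_service(cred, host)
    return portal.use_service("renewal", logon, replay_from or host)


if __name__ == "__main__":
    print(run_flow())
    print(run_flow(replay_from="kiosk-77"))
```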
4. (Currently Amended) A computer program storage device 
readable by a machine, including a tangible computer readable 
media having embodied therein embodying a program of 
instructions executable by the machine a processor to perform a 
method for managing identification in a data communications 
network, the method comprising: 

receiving a portable user-controlled secure storage 
device; 

enrolling a user of said portable user-controlled 
secure storage device with an authority network site, said 
enrolling comprising providing information requested by 
said authority network site; 

receiving user data in response to said enrolling; 

storing said user data in said portable user- 
controlled secure storage device; 

enabling said portable user-controlled secure storage 
device to release said user data; and 

using said user data, from said portable user- 
controlled secure storage device, at a service provider 
network site to obtain a service. 
5. (Currently Amended) A computer program storage device 
readable by a machine, including a tangible computer readable 
media having embodied therein embodying a program of 
instructions executable by the machine a processor to perform a 
method for managing identification in a data communications 
network, the method comprising: 

receiving a portable user-controlled secure storage 
device; 

enrolling a user of said portable user-controlled 
secure storage device with an authority network site, said 
enrolling comprising providing information requested by 
said authority network site; 

receiving user data in response to said enrolling, 
said user data comprising a first portion and a second 
portion, said first portion comprising a cryptogram 
computed based on said second portion; 

storing said user data in said portable user- 
controlled secure storage device; 

enabling said portable user-controlled secure storage 
device to release said user data; and 

using said user data, from said portable user- 
controlled secure storage device, at a service provider 
network site to obtain a service. 

6. (Currently Amended) A computer program storage device 
readable by a machine, including a tangible computer readable 
media having embodied therein embodying a program of 
instructions executable by the machine a processor to perform a 
method for managing identification in a data communications 
network, the method comprising: 

presenting an identity credential request and data to 
be stored to a federated identity server via a client 
host; 

receiving an identity credential in response to said 
identity credential request, said identity credential 
comprising a randomized ID and an identification authority 
ID, said federated identity server capable of verifying 
the truthfulness, accuracy and completeness of said data 
to be stored; 

presenting a service request and said identity 
credential to a service portal, said service portal 
configured to issue an authentication request to said 
federated identity server; 

receiving a logon credential in response to said 
service request, said login credential comprising an 
indication of the client host used by the user; and 

using said logon credential to obtain a service from 
a service provider accessible via said service portal. 
7. (Previously Presented) An apparatus for managing 
identification in a data communications network, the apparatus 
comprising: 

means for receiving a portable user-controlled secure 
storage device; 

means for enrolling a user of said portable user- 
controlled secure storage device with an authority network 
site, said enrolling comprising providing information 
requested by said authority network site; 

means for receiving user data in response to said 
enrolling; 

means for storing said user data in said portable 
user-controlled secure storage device; 

means for enabling said portable user-controlled 
secure storage device to release said user data; and 

means for using said user data, from said portable 
user-controlled secure storage device, at a service 
provider network site to obtain a service. 
8. (Previously Presented) An apparatus for managing 
identification in a data communications network, the apparatus 
comprising: 

means for receiving a portable user-controlled secure 
storage device; 

means for enrolling a user of said portable user- 
controlled secure storage device with an authority network 
site, said enrolling comprising providing information 
requested by said authority network site; 

means for receiving user data in response to said 
enrolling, said user data comprising a first portion and a 
second portion, said first portion comprising a cryptogram 
computed based on said second portion; 
means for storing said user data in said portable 
user-controlled secure storage device; 

means for enabling said portable user-controlled 
secure storage device to release said user data; and 

means for using said user data, from said portable 
user-controlled secure storage device, at a service 
provider network site to obtain a service. 

9. (Previously Presented) An apparatus for managing 
identification in a data communications network, the apparatus 
comprising: 

means for presenting an identity credential request 
and data to be stored to a federated identity server via a 
client host; 

means for receiving an identity credential in 
response to said identity credential request, said 
identity credential comprising a randomized ID and an 
identification authority ID, said federated identity 
server capable of verifying the truthfulness, accuracy and 
completeness of said data to be stored; 

means for presenting a service request and said 
identity credential to a service portal, said service 
portal configured to issue an authentication request to 
said federated identity server; 

means for receiving a logon credential in response to 
said service request, said login credential comprising an 
indication of the client host used by the user; and 

means for using said logon credential to obtain a 
service from a service provider accessible via said 
service portal. 



10. (Cancelled) 
11. (Cancelled) 

12. (Previously Presented) A method for protecting 
privacy on a data communications network, the method 
comprising: 

storing user logon information for at least one 
service provider server on a portable user-controlled 
secure device, said at least one service provider server 
comprising at least one network server that is capable of 
providing a service to a user; and 

logging on to said portable user-controlled secure 
device, said logging on providing access to said at least 
one service provider server. 

13. (Cancelled) 

14. (Cancelled) 

15. (Previously Presented) An apparatus for protecting 
privacy on a data communications network, the apparatus 
comprising: 

means for storing user logon information for at least 
one service provider server on a portable user-controlled 
secure device, said at least one service provider server 
comprising at least one network server that is capable of 
providing a service to a user; and 

means for logging on to said portable user-controlled 
secure device, said logging on providing access to said at 
least one service provider server. 

16. (Cancelled) 

17. (Cancelled) 



GUNNISON, McKAY & HODGSON, L.L.P. 
Garden West Office Plaza 
1900 Garden Road, Suite 220 
Monterey, CA 93940 
(831) 655-0880 
Fax (831) 655-0888 






18. (Previously Presented) An apparatus for protecting 
privacy on a data communications network, the apparatus 
comprising: 

means for storing user logon information for at least 
one service provider server on a portable user-controlled 
secure device, said at least one service provider server 
comprising at least one network server that is capable of 
providing a service to a user; and 

means for logging on to said portable user-controlled 
secure device, said logging on providing access to said at 
least one service provider server. 

19. (Cancelled) 